
gpg: Print info about the used AEAD algorithm in the compliance msg.

* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--

Note that openpgp_cipher_algo_mode_name is different from the version
2.2 because we append ".CFB" here.

Without this change we would see

  gpg: cipher algorithm 'AES256' may not be used in
  --compliance=de-vs mode

This is confusing because AES256 is compliant.  Now we see

  gpg: cipher algorithm 'AES256.OCB' may not be used in
  --compliance=de-vs mode

which gives a hint on the problem.
Werner Koch 2022-03-18 13:50:18 +01:00
parent 449d2fbcde
commit 06b70daa50
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 18 additions and 5 deletions


@ -242,10 +242,8 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
if ( opt.verbose && !dek->algo_info_printed ) if ( opt.verbose && !dek->algo_info_printed )
{ {
if (!openpgp_cipher_test_algo (dek->algo)) if (!openpgp_cipher_test_algo (dek->algo))
log_info (_("%s.%s encrypted data\n"), log_info (_("%s encrypted data\n"),
openpgp_cipher_algo_name (dek->algo), openpgp_cipher_algo_mode_name (dek->algo, ed->aead_algo));
ed->aead_algo? openpgp_aead_algo_name (ed->aead_algo)
/**/ : "CFB");
else else
log_info (_("encrypted with unknown algorithm %d\n"), dek->algo ); log_info (_("encrypted with unknown algorithm %d\n"), dek->algo );
dek->algo_info_printed = 1; dek->algo_info_printed = 1;
@ -265,7 +263,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
if (!gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, ciphermode)) if (!gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, ciphermode))
{ {
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"), log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
openpgp_cipher_algo_name (dek->algo), openpgp_cipher_algo_mode_name (dek->algo,ed->aead_algo),
gnupg_compliance_option_string (opt.compliance)); gnupg_compliance_option_string (opt.compliance));
*compliance_error = 1; *compliance_error = 1;
if (opt.flags.require_compliance) if (opt.flags.require_compliance)
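Review bot: In the second hunk the rejection is decided from `ciphermode`, but the name printed by log_error is built from `ed->aead_algo`, so the compliance message is only accurate while both come from the same packet field. `ciphermode` is assigned outside the hunk, so that cannot be confirmed from here; decrypt_data starts and ends outside both hunks. A short comment at the call, such as `/* The printed mode must match CIPHERMODE as checked above. */`, would keep the two from drifting apart. As a style point, the new call is written `(dek->algo,ed->aead_algo)` without the space used in the first hunk's `(dek->algo, ed->aead_algo)`.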


@ -126,6 +126,8 @@ enum gcry_cipher_algos map_cipher_openpgp_to_gcry (cipher_algo_t algo);
int openpgp_cipher_blocklen (cipher_algo_t algo); int openpgp_cipher_blocklen (cipher_algo_t algo);
int openpgp_cipher_test_algo(cipher_algo_t algo); int openpgp_cipher_test_algo(cipher_algo_t algo);
const char *openpgp_cipher_algo_name (cipher_algo_t algo); const char *openpgp_cipher_algo_name (cipher_algo_t algo);
const char *openpgp_cipher_algo_mode_name (cipher_algo_t algo,
aead_algo_t aead);
gpg_error_t openpgp_aead_test_algo (aead_algo_t algo); gpg_error_t openpgp_aead_test_algo (aead_algo_t algo);
const char *openpgp_aead_algo_name (aead_algo_t algo); const char *openpgp_aead_algo_name (aead_algo_t algo);


@ -614,6 +614,19 @@ openpgp_cipher_algo_name (cipher_algo_t algo)
} }
/* Same as openpgp_cipher_algo_name but returns a string in the form
* "ALGO.MODE". If AEAD is 0 "CFB" is used for the mode. */
const char *
openpgp_cipher_algo_mode_name (cipher_algo_t algo, aead_algo_t aead)
{
return map_static_strings ("openpgp_cipher_algo_mode_name", algo, aead,
openpgp_cipher_algo_name (algo),
".",
aead? openpgp_aead_algo_name (aead) : "CFB",
NULL);
}
/* Return 0 if ALGO is supported. Return an error if not. */ /* Return 0 if ALGO is supported. Return an error if not. */
gpg_error_t gpg_error_t
openpgp_aead_test_algo (aead_algo_t algo) openpgp_aead_test_algo (aead_algo_t algo)
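Review bot: The comment on openpgp_cipher_algo_mode_name does not say who owns the returned string or what the result looks like for an ALGO or AEAD value that is not supported. Judging by its name and arguments, map_static_strings keeps one string per (algo, aead) pair for the lifetime of the process; this is worth confirming, because in decrypt_data both values are taken from the message being decrypted and the compliance error path calls this function even for rejected input. I would extend the comment with something like `The returned string is owned by the mapping table and must not be freed; for unknown values the parts are whatever the two name functions return.`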